Where the real conversations in privacy happen

Big Data’s Thirst Is Driving Change in Minimization Philosophy

The recent National Security Administration (NSA) revelations demonstrate a broader trend: A retreat from minimization in collection and a move toward minimization in use. If you trust the collector not to break the rules, then a collect-first, minimize-later privacy model shouldn’t present a privacy impact, but recent revelations by The Washington Post have shown what happens when the collector becomes distrusted.

First, let’s not pretend there aren’t plenty of tools for guidance on when to apply minimization. The Fair Information Practices from the U.S. Department of Health, Education and Welfare, 1973, require collection limitations; the Privacy Guidelines from the Organization of Economic Cooperation and Development, 1980, require collection limitations; the EU Data Protection Directive 95/46/EC, 1995, in Article 6 addresses data minimization by specifying that personal data must only be “collected for specified, explicit and legitimate purposes;” and the White House's Consumer Privacy Bill of Rights, 2012, includes a right to focused collection, which places "reasonable limits on the personal data that companies collect and retain." It's clear that data minimization at the time of collection is broadly recognized as a fundamental privacy principle.

So what has changed?

Why, after decades of focus on collection as the point of minimization, has there been interest in applying minimization at the time of use? Two words: Big Data.

The Big Data business model threatens data minimization at the time of collection. In order to receive the benefits of Big Data, there has to be lots of data. When traditional minimization at the time of collection is challenged by the desire to benefit from large stores of data, privacy principles must be balanced against other societal values. Modern privacy scholars such as Omer Tene and Jules Polonetsky, have called for "a risk matrix, taking into account the value of different uses of data against the potential risks to individual autonomy and privacy" because minimizing information collection isn't always a practical approach in the age of Big Data.

While this focus on balancing values is important, the role of trust needs to be further developed. How can we develop systems that engender trust? How can we train people so that we can have faith that they will not abuse the systems they have access to? The more I think about it, the more I think Bruce Schneier has it right, we need to focus on “enabling the trust that society needs to thrive.”

Written By

0 Comments

Related

In the second installment of this series for The Privacy Advisor looking at monitoring programs across industries, including the privacy consultant, healthcare, IT, finance, government and telecom, Deidre Rodriguez, CIPP/US, talks with Danette Slevinski, vice president and corporate responsibility officer for Bon Secours Charity Health System, where she administers the corporate responsibility and Health Insurance Portability and Accountability Act (HIPAA) privacy program. "By having a monitorin...
Read more

California Sen. Richard Pan (D-Sacramento) wants to overhaul the state’s open data portal and create the role of a chief data officer reporting to the secretary of the Government Operations Agency as leader of the effort, Techwire reports. Pan’s bill “would task the governor with naming a chief data officer no later than Jan. 1, 2016, and require at least 150 data sets to be published on the statewide open data portal by 2017,” the report states. The bill also seeks the creation of “a statewide ...
Read more

ZDNet reports that Australian Communications Minister Malcolm Turnbull and Attorney-General George Brandis agree with a suite of recommendations made by a Parliamentary Joint Committee and that new data retention legislation will soon become law. The law will require telcos to keep a set of customer data, including call records, IP addresses, email address, text history and more, for a minimum of two years so the data can be accessed by law enforcement if necessary. Following the bill’s passage,...
Read more

My first impression of Mark Zuckerberg in the flesh is that he is permanently excited and overflowing with energy. That is hardly surprising given his age and his role in the Internet revolution. But the fact that he dropped by at the Mobile World Congress in Barcelona this week is quite significant. The annual Mobile World Congress is a mega event with nearly 100,000 attendees and the participation of every business with an interest in anything to do with mobile communications. So the presence ...
Read more

On Monday, March 2, I attended a reception in Brussels at which new European Data Protection Supervisor (EDPS) Giovanni Buttarelli and Assistant Supervisor Wojciech Wiewiórowski presented their strategic plan for the next five years. Entitled “The EDPS Strategy 2015-2019: Leading by Example,” the document represents a key moment in the work of the EU’s leading data protection regulator.
In the 11 years since Peter Hustinx originally established it, the EDPS has come to enjoy a worldwide reputat...
Read more

Tags

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.Learn more

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.